Jamie,
This patch was ACKed but somehow never pushed. Is it still
okay to push it as is?
On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:
4_qemu_driver_stdin_path.patch: adjust args to qemudStartVMDaemon() to
also specify the path to stdin_fd, so this can be passed to the AppArmor
driver via *SetSecurityAllLabel(). This updates all calls to
qemudStartVMDaemon() as well as setting up the non-AppArmor security
driver *SetSecurityAllLabel() declarations for the above. This is
required for 5_apparmor-fix-save-restore.patch since AppArmor resolves
the passed file descriptor to the pathname given to open().
--
Jamie Strandboge |
http://www.canonical.com
diff -Naur libvirt.orig/src/qemu/qemu_driver.c libvirt/src/qemu/qemu_driver.c
--- libvirt.orig/src/qemu/qemu_driver.c 2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/qemu/qemu_driver.c 2010-04-05 14:16:20.000000000 -0500
@@ -148,7 +148,8 @@
struct qemud_driver *driver,
virDomainObjPtr vm,
const char *migrateFrom,
- int stdin_fd);
+ int stdin_fd,
+ const char *stdin_path);
static void qemudShutdownVMDaemon(struct qemud_driver *driver,
virDomainObjPtr vm);
@@ -629,7 +630,7 @@
int ret;
virResetLastError();
- ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1);
+ ret = qemudStartVMDaemon(data->conn, data->driver, vm, NULL, -1, NULL);
if (ret < 0) {
virErrorPtr err = virGetLastError();
VIR_ERROR(_("Failed to autostart VM '%s': %s"),
@@ -3145,7 +3146,8 @@
struct qemud_driver *driver,
virDomainObjPtr vm,
const char *migrateFrom,
- int stdin_fd) {
+ int stdin_fd,
+ const char *stdin_path) {
const char **argv = NULL, **tmp;
const char **progenv = NULL;
int i, ret;
@@ -3193,7 +3195,7 @@
DEBUG0("Generating setting domain security labels (if required)");
if (driver->securityDriver &&
driver->securityDriver->domainSetSecurityAllLabel &&
- driver->securityDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securityDriver->domainSetSecurityAllLabel(vm, stdin_path) < 0)
goto cleanup;
/* Ensure no historical cgroup for this VM is lying around bogus
@@ -4054,7 +4056,7 @@
if (qemuDomainObjBeginJobWithDriver(driver, vm) < 0)
goto cleanup; /* XXXX free the 'vm' we created ? */
- if (qemudStartVMDaemon(conn, driver, vm, NULL, -1) < 0) {
+ if (qemudStartVMDaemon(conn, driver, vm, NULL, -1, NULL) < 0) {
if (qemuDomainObjEndJob(vm) > 0)
virDomainRemoveInactive(&driver->domains,
vm);
@@ -5909,7 +5911,7 @@
}
}
/* Set the migration source and start it up. */
- ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd);
+ ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd, path);
if (intermediate_pid != -1) {
/* Wait for intermediate process to exit */
while (waitpid(intermediate_pid, &childstat, 0) == -1 &&
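Review bot: The restore call now passes `path` as stdin_path unconditionally, but the `intermediate_pid != -1` branch right after it suggests `fd` is sometimes fed by a helper process rather than opened on `path` itself. If that reading is right, QEMU's stdin is a pipe in that case and the security driver would be asked to allow access to a file the confined process never opens, which is broader than needed. Consider passing the path only when QEMU reads the file directly, e.g. `ret = qemudStartVMDaemon(conn, driver, vm, "stdio", fd, intermediate_pid == -1 ? path : NULL);`, and confirm that `path` is the exact string given to open(), since the description says AppArmor matches on that. The enclosing function starts and ends outside this hunk, so how `fd` and `intermediate_pid` are set up is not visible here.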
@@ -6334,7 +6336,7 @@
virDomainObjLock(vm);
}
- ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1);
+ ret = qemudStartVMDaemon(dom->conn, driver, vm, NULL, -1, NULL);
if (ret != -1)
event = virDomainEventNewFromObj(vm,
VIR_DOMAIN_EVENT_STARTED,
@@ -9400,7 +9402,7 @@
/* Start the QEMU daemon, with the same command-line arguments plus
* -incoming unix:/path/to/file or exec:nc -U /path/to/file
*/
- internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1);
+ internalret = qemudStartVMDaemon(dconn, driver, vm, migrateFrom, -1, NULL);
VIR_FREE(migrateFrom);
if (internalret < 0) {
/* Note that we don't set an error here because qemudStartVMDaemon
@@ -9605,7 +9607,7 @@
* -incoming tcp:0.0.0.0:port
*/
snprintf (migrateFrom, sizeof (migrateFrom), "tcp:0.0.0.0:%d", this_port);
- if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1) < 0) {
+ if (qemudStartVMDaemon (dconn, driver, vm, migrateFrom, -1, NULL) < 0) {
/* Note that we don't set an error here because qemudStartVMDaemon
* should have already done that.
*/
@@ -11027,7 +11029,7 @@
goto cleanup;
rc = qemudStartVMDaemon(snapshot->domain->conn, driver, vm, NULL,
- -1);
+ -1, NULL);
if (qemuDomainSnapshotSetInactive(vm, driver->snapshotDir) < 0)
goto cleanup;
if (rc < 0)
diff -Naur libvirt.orig/src/qemu/qemu_security_dac.c libvirt/src/qemu/qemu_security_dac.c
--- libvirt.orig/src/qemu/qemu_security_dac.c 2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/qemu/qemu_security_dac.c 2010-04-05 14:14:43.000000000 -0500
@@ -346,7 +346,7 @@
static int
-qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityDACSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path
ATTRIBUTE_UNUSED)
{
int i;
diff -Naur libvirt.orig/src/qemu/qemu_security_stacked.c
libvirt/src/qemu/qemu_security_stacked.c
--- libvirt.orig/src/qemu/qemu_security_stacked.c 2010-03-03 07:07:33.000000000 -0600
+++ libvirt/src/qemu/qemu_security_stacked.c 2010-04-05 14:14:43.000000000 -0500
@@ -196,18 +196,18 @@
static int
-qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm)
+qemuSecurityStackedSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path)
{
int rc = 0;
if (driver->securitySecondaryDriver &&
driver->securitySecondaryDriver->domainSetSecurityAllLabel &&
- driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securitySecondaryDriver->domainSetSecurityAllLabel(vm, stdin_path)
< 0)
rc = -1;
if (driver->securityPrimaryDriver &&
driver->securityPrimaryDriver->domainSetSecurityAllLabel &&
- driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm) < 0)
+ driver->securityPrimaryDriver->domainSetSecurityAllLabel(vm, stdin_path)
< 0)
rc = -1;
return rc;
diff -Naur libvirt.orig/src/security/security_driver.h
libvirt/src/security/security_driver.h
--- libvirt.orig/src/security/security_driver.h 2010-03-24 11:44:19.000000000 -0500
+++ libvirt/src/security/security_driver.h 2010-04-05 14:14:43.000000000 -0500
@@ -45,7 +45,8 @@
typedef int (*virSecurityDomainGenLabel) (virDomainObjPtr sec);
typedef int (*virSecurityDomainReserveLabel) (virDomainObjPtr sec);
typedef int (*virSecurityDomainReleaseLabel) (virDomainObjPtr sec);
-typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec);
+typedef int (*virSecurityDomainSetAllLabel) (virDomainObjPtr sec,
+ const char *stdin_path);
typedef int (*virSecurityDomainRestoreAllLabel) (virDomainObjPtr vm);
typedef int (*virSecurityDomainGetProcessLabel) (virDomainObjPtr vm,
virSecurityLabelPtr sec);
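Review bot: The `virSecurityDomainSetAllLabel` typedef gains a `stdin_path` argument with no stated contract, yet every caller in this patch except the restore path passes NULL and the DAC and SELinux implementations mark it ATTRIBUTE_UNUSED. A driver author reading only this header cannot tell that NULL is the common case or what the string refers to. I would add a comment above the typedef such as `/* stdin_path: pathname of the file opened as the domain's stdin (restore from a saved image), or NULL when there is none; implementations must accept NULL and must not free it. */`. Ownership is inferred from the `const char *` type and the callers shown, so adjust the wording if a driver is expected to keep a copy.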
diff -Naur libvirt.orig/src/security/security_selinux.c
libvirt/src/security/security_selinux.c
--- libvirt.orig/src/security/security_selinux.c 2010-04-05 13:07:44.000000000 -0500
+++ libvirt/src/security/security_selinux.c 2010-04-05 14:14:43.000000000 -0500
@@ -722,7 +722,7 @@
}
static int
-SELinuxSetSecurityAllLabel(virDomainObjPtr vm)
+SELinuxSetSecurityAllLabel(virDomainObjPtr vm, const char *stdin_path ATTRIBUTE_UNUSED)
{
const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
int i;